Here is a recent pronouncement from Microsoft -
Office 365 URLs and IP address ranges
Applies To: Office for business, Office 365 Admin, Office 365 Small Business Admin, Office 2016 for Mac, Microsoft 365 Business
Summary: Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 plans, including Government Community Cloud (GCC).
Start with managing Office 365 endpoints to understand our recommendations. Except for emergency changes, endpoints are updated at the end of each month.
Please read each service introduction for more info. Wildcards represent all levels under the root domain and we use N/A when information is not available. Destinations are listed with FQDN/domain only, CIDR prefixes only, or a pairing of FQDNs that represent specific CIDR prefixes along with port information. Use our PAC files to implement the principles below.
- Bypass your proxy for all FQDN/CIDR paired and CIDR prefix only destinations, such as row 2 and 3 in portal and shared.
- Bypass your proxy or remove inspection, authentication, reputation lookup services for any FQDNs marked required without a CIDR prefix, such as row 5 in portal and shared.
- For any remaining optional FQDNs, wildcards, DNS, CDN, CRL, or other unpublished destinations requested by Office 365 services, ensure clients can access them over the Internet.
Managing Office 365 endpoints
Applies To: Office 365 Admin
Overview (see link above for Firewalls, Proxies, Integration & FAQ)
Office 365 network connectivity
12/11/2017
Connections to Office 365 consist of high volume, trusted network requests that perform best when they're made over a low-latency egress that is near the user. Some Office 365 connections can benefit from optimizing the connection.
- Ensure your firewall allow lists allow for connectivity to Office 365 endpoints.
- Use your proxy infrastructure to allow Internet connectivity to wildcard and unpublished destinations.
- Maintain an optimal perimeter network configuration.
- Ensure you're getting the best connectivity.
Many of the Office 365 packages have:
- A Terabyte of One Cloud Storage
- Exchange Server as a service
- Azure membership
These require continuous access to be useful. It is very easy to arrange matters so that all required working files are shared/continuously backed up to the Cloud.
In my experience, anything approaching blocking access to the relevant MS sites will cause more problems than are solved. Better to find a way of giving devices access to the MS list of URLs.
Given how widespread the use of Office 365 is, it would make sense for Meraki to take this on board, real soon now.
I'll be busy with field testing during much of March and April, so no opportunity to look at using the dashboard to achieve this. But once May comes along, I'll have a look, but I'd hope that Meraki has delivered a solution by then.
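
Added example, not part of the original post or of Microsoft's documentation: a sketch of the three proxy-handling principles quoted above as a classifier that also keeps wildcard bypasses from matching look-alike hosts. The rows, host names and prefixes are constructed placeholders, the function names are hypothetical, and requiring both name and address to match for a paired row is an assumption.

```javascript
// Constructed sample rows (placeholder names and documentation-only prefixes).
const ROWS = [
  { row: 2, fqdns: ["*.mail.example.com"], cidrs: ["192.0.2.0/24"], required: true },
  { row: 3, fqdns: [], cidrs: ["198.51.100.0/25"], required: true },
  { row: 5, fqdns: ["login.example.net"], cidrs: [], required: true },
  { row: 7, fqdns: ["*.cdn.example.org"], cidrs: [], required: false },
];

// The three treatments from the quoted principles.
function treatment(r) {
  if (r.cidrs.length > 0) return "bypass-proxy";
  return r.required ? "bypass-or-no-inspection" : "allow-via-proxy";
}

// "*.root" covers every level under root, but only on a label boundary,
// so "evilmail.example.com" does not match "*.mail.example.com".
function fqdnMatches(pattern, host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  const p = pattern.toLowerCase();
  if (!p.startsWith("*.")) return h === p;
  return h.length > p.length - 1 && h.endsWith(p.slice(1));
}

function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every(s => /^\d{1,3}$/.test(s))) return null;
  const nums = parts.map(Number);
  return nums.some(n => n > 255) ? null : nums.reduce((a, n) => a * 256 + n, 0);
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const a = ipToInt(ip), b = ipToInt(base), bits = Number(bitsStr);
  if (a === null || b === null || !/^\d{1,2}$/.test(bitsStr) || bits > 32) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Assumption: a paired row needs both the name and the address to match;
// a CIDR-only row is decided by address, an FQDN-only row by name.
function decide(host, ip, rows = ROWS) {
  for (const r of rows) {
    const nameHit = r.fqdns.some(p => fqdnMatches(p, host));
    const ipHit = ip !== null && r.cidrs.some(c => inCidr(ip, c));
    const hit = !r.cidrs.length ? nameHit : !r.fqdns.length ? ipHit : nameHit && ipHit;
    if (hit) return { row: r.row, action: treatment(r) };
  }
  return { row: null, action: "default-policy" };
}
```

Anything that falls through to `default-policy` stays behind the proxy with inspection on, so a bypass rule never widens beyond the published rows.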